Skip to content

Latest commit

 

History

History
145 lines (117 loc) · 6.1 KB

README.md

File metadata and controls

145 lines (117 loc) · 6.1 KB
Sandworm Audit

 

Beautiful Security & License Compliance Reports For Your App's Dependencies 🪱

Summary

Generate a report

Running Sandworm Audit

Navigate charts

Sandworm treemap and tree dependency charts

CSV output

Sandworm dependency CSV

JSON output

{
  "createdAt": "...",
  "packageManager": "...",
  "name": "...",
  "version": "...",
  "rootVulnerabilities": [...],
  "dependencyVulnerabilities": [...],
  "licenseUsage": {...},
  "licenseIssues": [...],
  "metaIssues": [...],
  "errors": [...],
}

Marking issues as resolved

Get Involved

Get Started

Note Sandworm Audit requires Node 14.19+.

Install sandworm-audit globally via your favorite package manager:

npm install -g @sandworm/audit
# or yarn global add @sandworm/audit
# or pnpm add -g @sandworm/audit

Then, run sandworm-audit in the root directory of your application. Make sure there's a manifest and a lockfile.

You can also directly run without installing via:

npx @sandworm/audit@latest
# or yarn dlx -p @sandworm/audit sandworm
# or pnpm --package=@sandworm/audit dlx sandworm

Available options:

Options:
  -v, --version               Show version number                      [boolean]
      --help                  Show help                                [boolean]
  -o, --output-path           The path of the output directory, relative to the
                              application path    [string] [default: "sandworm"]
  -d, --include-dev           Include dev dependencies[boolean] [default: false]
      --sv, --show-versions   Show package versions in chart names
                                                      [boolean] [default: false]
  -p, --path                  The path to the application to audit      [string]
      --md, --max-depth       Max depth to represent in charts          [number]
      --ms, --min-severity    Min issue severity to represent in charts [string]
      --lp, --license-policy  Custom license policy JSON string         [string]
  -f, --from                  Load data from "registry" or "disk"
                                                  [string] [default: "registry"]
      --fo, --fail-on         Fail policy JSON string   [string] [default: "[]"]
  -s, --summary               Print a summary of the audit results to the
                              console                  [boolean] [default: true]
      --root-vulnerabilites   Include vulnerabilities for the root project
                                                      [boolean] [default: false]
      --skip-license-issues   Skip scanning for license issues
                                                      [boolean] [default: false]
      --skip-meta-issues      Skip scanning for meta issues
                                                      [boolean] [default: false]
      --skip-tree             Don't output the dependency tree chart
                                                      [boolean] [default: false]
      --force-tree            Force build large dependency tree charts
                                                      [boolean] [default: false]
      --skip-treemap          Don't output the dependency treemap chart
                                                      [boolean] [default: false]
      --skip-csv              Don't output the dependency csv file
                                                      [boolean] [default: false]
      --skip-report           Don't output the report json file
                                                      [boolean] [default: false]
      --skip-all              Don't output any file   [boolean] [default: false]
      --show-tips             Show usage tips          [boolean] [default: true]

Documentation

Read the full docs here.

Samples on Sandworm.dev